Legal claims defining the scope of protection, as filed with the USPTO.
1. A method comprising: generating a random value as a key split associated with an instance of writing a data to memory, wherein the key split is unique to the instance of writing the data to the memory; selecting, based at least in part on two or more non-overlapping sub-portions of the key split, a respective two or more random values from a plurality of random values by indexing, using the two or more non-overlapping sub-portions of the key split, into two or more locations of an entropy table to retrieve the two or more random values associated with the two or more locations of the entropy table, including using a first non-overlapping sub-portion of the key split to index into a first location of the entropy table to retrieve a first random value from the plurality of random values, and using a second non-overlapping sub-portion of the key split to index into a second location of the entropy table to retrieve a second random value from the plurality of random values; generating an intermediate encryption key based at least in part on the two or more random values, wherein the two or more random values include the first random value and the second random value; performing a mixing function on the intermediate encryption key to generate an encryption key, wherein the encryption key is unique to the instance of writing the data to the memory and is unique to a memory location in the memory; encrypting the data using the encryption key; and storing the encrypted data and the key split to the memory.
2. The method of claim 1, wherein selecting the two or more random values further comprises: retrieving, from the entropy table populated with the plurality of random values, the two or more random values.
3. The method of claim 1, wherein generating the intermediate encryption key further comprises: generating the intermediate encryption key by combining the plurality of random values.
4. A system comprising: memory; and logic circuitry configured to: generate a random number as a key split associated with an instance of writing a data to the memory, wherein the key split is unique to the instance of writing the data to the memory, select, based at least in part on two or more non-overlapping sub-portions of the key split, a respective two or more random values from a plurality of random values by indexing, using the two or more non-overlapping sub-portions of the key split, into two or more locations of an entropy table to retrieve the two or more random values associated with the two or more locations of the entropy table, including using a first non-overlapping sub-portion of the key split to index into a first location of the entropy table to retrieve a first random value from the plurality of random values, and using a second non-overlapping sub-portion of the key split to index into a second location of the entropy table to retrieve a second random value from the plurality of random values, generate an intermediate encryption key based at least in part on the two or more random values, wherein the two or more random values include the first random value and the second random value, perform a mixing function on the intermediate encryption key to generate an encryption key, wherein the encryption key is unique to the instance of writing the data to the memory and is unique to a memory location in the memory, encrypt the data using the encryption key, and store the encrypted data and the key split to the memory.
5. The system of claim 4 wherein the logic circuitry is further configured to: retrieve, from the entropy table populated with the plurality of random values, the two or more random values.
6. The system of claim 5, wherein the logic circuitry is further configured to: responsive to a power-up cycle of a system comprising the entropy table: clear the entropy table, generate the plurality of random values for the entropy table, and populate the entropy table with the generated plurality of random values.
7. The system of claim 4, wherein the logic circuitry is further configured to: generate the intermediate encryption key by combining the plurality of random values.
8. The system of claim 7, wherein the logic circuitry is further configured to: perform the mixing function on the intermediate encryption key to generate the encryption key such that there is not a one-to-one correspondence between a value of a portion of the intermediate encryption key and a value of a corresponding portion of the encryption key.
9. The system of claim 4, wherein the logic circuitry is further configured to: retrieve the key split stored in memory; generate a decryption key based at least in part on the key split using the entropy-based key derivation function; and decrypt the encrypted data using the decryption key.
10. The system of claim 9, wherein the logic circuitry is further configured to: retrieve, from the entropy table populated with the plurality of random values, the two or more random values; and generate the decryption key based at least in part on the two or more random values.
11. A non-transitory computer-readable medium comprising instructions that upon execution cause a processor to: generate a random number as a key split associated with an instance of writing a data to memory, wherein the key split is unique to the instance of writing the data to the memory; select, based at least in part on two or more non-overlapping sub-portions of the key split, a respective two or more random values from a plurality of random values by indexing, using the two or more non-overlapping sub-portions of the key split, into two or more locations of an entropy table to retrieve the two or more random values associated with the two or more locations of the entropy table, including using a first non-overlapping sub-portion of the key split to index into a first location of the entropy table to retrieve a first random value from the plurality of random values, and using a second non-overlapping sub-portion of the key split to index into a second location of the entropy table to retrieve a second random value from the plurality of random values; generate an intermediate encryption key based at least in part on the two or more random values, wherein the two or more random values include the first random value and the second random value; perform a mixing function on the intermediate encryption key to generate an encryption key, wherein the encryption key is unique to the instance of writing the data to the memory and is unique to a memory location in the memory; encrypt the data using the encryption key; and store the encrypted data and the key split to the memory.
12. The non-transitory computer-readable medium of claim 11, wherein the instructions that upon execution cause the processor to select the two or more random values from the plurality of random values further comprise instructions that upon execution cause the processor to: retrieve, from the entropy table populated with the plurality of random values, the two or more random values.
13. The non-transitory computer-readable medium of claim 11, wherein the instructions that upon execution cause the processor to perform the mixing function on the intermediate encryption key to generate the encryption key further comprise instructions that upon execution cause the processor to: perform the mixing function on the intermediate encryption key to generate the encryption key such that there is not a one-to-one correspondence between a value of a portion of the intermediate encryption key and a value of a corresponding portion of the encryption key.
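The write and read paths recited in claims 1, 6 and 9, sketched as an added Python example that is not part of the patent text. The table size, one-byte sub-portions, concatenation as the combining step, SHA-256 as the mixing function, folding the address into the mix, and the SHAKE-256 XOR stand-in cipher are all assumptions made for illustration.

```python
import hashlib
import secrets

INDEX_BITS = 8       # assumption: each sub-portion of the key split is one byte
ENTRY_BYTES = 32     # assumption: 256-bit table entries
SPLIT_BYTES = 8      # assumption: 64-bit key split, so eight table lookups

def new_entropy_table():
    """Fresh random table, regenerated on every power-up (claim 6)."""
    return [secrets.token_bytes(ENTRY_BYTES) for _ in range(1 << INDEX_BITS)]

def derive_key(table, key_split, address):
    # Each byte of the key split is a non-overlapping sub-portion used as an index.
    picked = [table[index] for index in key_split]
    # Combine by concatenation (assumption). A plain XOR would cancel out
    # whenever two sub-portions happen to select the same entry.
    intermediate = b"".join(picked)
    # Mixing function (assumption: SHA-256, with the address folded in so the
    # key is also bound to the memory location).
    return hashlib.sha256(intermediate + address.to_bytes(8, "little")).digest()

def _xor_keystream(key, data):
    # Stand-in cipher for the demo only: SHAKE-256 keystream XORed with the data.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def write(table, memory, address, data):
    key_split = secrets.token_bytes(SPLIT_BYTES)   # fresh for every write
    key = derive_key(table, key_split, address)
    # The key split is stored in the clear next to the ciphertext.
    memory[address] = (key_split, _xor_keystream(key, data))

def read(table, memory, address):
    key_split, ciphertext = memory[address]
    return _xor_keystream(derive_key(table, key_split, address), ciphertext)

if __name__ == "__main__":
    table, memory = new_entropy_table(), {}
    write(table, memory, 0x1000, b"constructed data")
    print(read(table, memory, 0x1000))
    # After a simulated power cycle the old table is gone and the data is unreadable.
    print(read(new_entropy_table(), memory, 0x1000))
```

The stored key split is useless without the entropy table, so the confidentiality of the scheme rests on keeping the table inside the trust boundary and regenerating it at power-up.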
July 3, 2018